Lizard Squad, or just some impersonators? City of London police is warning UK businesses not to pay any DDoS ransom demands they might receiveLizard Squad

The City of London Police has issued an alert to UK businesses warning them not to obey extortion demands being sent by a group of hackers calling themselves the "Lizard Squad".

According to the email alert sent out by the National Fraud Intelligence Bureau (NFIB), which is part of the City of London Police, since 28 April Thursday, numerous businesses in the UK have been receiving extortion demands sent via email threatening to launch Distributed Denial of Service (DDoS) attacks against companies if they do not pay a ransom of 5 bitcoins (£1,545, $2,250) by a certain time and date.

If the companies refuse to pay the ransom even after being DDoS-ed and having their websites and networks taken offline, the hackers claim they will continue attacking and that the ransom will increase by another 5 bitcoins for each day that the ransom goes unpaid, and that the DDoS attacks cannot be stopped once they are started.

Do not pay the ransom

However, the NFIB says businesses must not pay the ransom, and instead report it to Action Fraud hotline operated by the NFIB or use the online reporting form. Victims should also maintain a timeline of the attack, recording all times, content, method and types of contact from the hackers, as well as retaining the original emails, including their headers.

Since 28 April, businesses in the US have also been receiving similar ransom demands from the same "Lizard Squad" group, according to CloudFlare, which wrote in a blog post: "Similar to the group claiming to be the 'Armada Collective', there is a general consensus within the security community that this group claiming to be the 'Lizard Squad' is not in fact actually the group they claim to be. This is another copycat."

CloudFlare's Justin Paine says that after the firm wrote about a group of hackers calling themselves the "Armada Collective" who were sending out empty DDoS threats on 25 April in another blog, the hackers stopped sending ransom threats to website owners who were CloudFlare customers.

'Lizard Squad' yet to follow through on threats

Similarly, from discussions with other security vendors, CloudFlare has established that the "Lizard Squad" hackers sent out over 500 ransom demands at the end of last week, but all the emails are exactly identical, even reusing a bitcoin address.

If the bitcoin address is reused, it means that the cybercriminals have no way of telling which company has paid up the ransom demand, which seems rather improbable for a criminal venture that is actually trying to make money. CloudFlare has also said that the "Lizard Squad" hackers have yet to actually follow through on their threats.

Nevertheless, if your business is being DDoSed, the NFIB advises that you report the situation to Action Fraud immediately and also call your internet service provider or hosting provider (if you do not host your own web server), inform them that you are under attack and ask them for help.

In general, the NFIB recommends that all UK businesses practice good cybersecurity habits, including making sure that you have the hosting facilities in place capable of handling large, unexpected volumes of website hits without the traffic causing your websites or networks to go offline.